USN-4910-1: Linux kernel vulnerabilities
First published: Tue Apr 13 2021(Updated: )
Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability. (CVE-2021-20239) It was discovered that the BPF verifier in the Linux kernel did not properly handle signed add32 and sub integer overflows. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-20268) It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3347) It was discovered that the network block device (nbd) driver in the Linux kernel contained a use-after-free vulnerability during device setup. A local attacker with access to the nbd device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3348) 吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. (CVE-2021-3178)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-5.8.0-1020-raspi | <5.8.0-1020.23 | 5.8.0-1020.23 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1020-raspi-nolpae | <5.8.0-1020.23 | 5.8.0-1020.23 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1023-kvm | <5.8.0-1023.25 | 5.8.0-1023.25 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1025-oracle | <5.8.0-1025.26 | 5.8.0-1025.26 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1027-azure | <5.8.0-1027.29 | 5.8.0-1027.29 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1027-gcp | <5.8.0-1027.28 | 5.8.0-1027.28 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1028-aws | <5.8.0-1028.30 | 5.8.0-1028.30 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-49-generic | <5.8.0-49.55 | 5.8.0-49.55 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-49-generic-64k | <5.8.0-49.55 | 5.8.0-49.55 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-49-generic-lpae | <5.8.0-49.55 | 5.8.0-49.55 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-49-lowlatency | <5.8.0-49.55 | 5.8.0-49.55 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-aws | <5.8.0.1028.30 | 5.8.0.1028.30 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-azure | <5.8.0.1027.27 | 5.8.0.1027.27 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-gcp | <5.8.0.1027.27 | 5.8.0.1027.27 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-generic | <5.8.0.49.54 | 5.8.0.49.54 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-generic-64k | <5.8.0.49.54 | 5.8.0.49.54 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-generic-lpae | <5.8.0.49.54 | 5.8.0.49.54 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-gke | <5.8.0.1027.27 | 5.8.0.1027.27 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-kvm | <5.8.0.1023.25 | 5.8.0.1023.25 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-lowlatency | <5.8.0.49.54 | 5.8.0.49.54 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-oem-20.04 | <5.8.0.49.54 | 5.8.0.49.54 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-oracle | <5.8.0.1025.24 | 5.8.0.1025.24 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-raspi | <5.8.0.1020.23 | 5.8.0.1020.23 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-raspi-nolpae | <5.8.0.1020.23 | 5.8.0.1020.23 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-virtual | <5.8.0.49.54 | 5.8.0.49.54 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-49-generic | <5.8.0-49.55~20.04.1 | 5.8.0-49.55~20.04.1 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-49-generic-64k | <5.8.0-49.55~20.04.1 | 5.8.0-49.55~20.04.1 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-49-generic-lpae | <5.8.0-49.55~20.04.1 | 5.8.0-49.55~20.04.1 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-49-lowlatency | <5.8.0-49.55~20.04.1 | 5.8.0-49.55~20.04.1 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-generic-64k-hwe-20.04 | <5.8.0.49.55~20.04.33 | 5.8.0.49.55~20.04.33 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-generic-hwe-20.04 | <5.8.0.49.55~20.04.33 | 5.8.0.49.55~20.04.33 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-generic-lpae-hwe-20.04 | <5.8.0.49.55~20.04.33 | 5.8.0.49.55~20.04.33 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency-hwe-20.04 | <5.8.0.49.55~20.04.33 | 5.8.0.49.55~20.04.33 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-virtual-hwe-20.04 | <5.8.0.49.55~20.04.33 | 5.8.0.49.55~20.04.33 |
| =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2021-20268
- https://ubuntu.com/security/CVE-2021-3178
- https://ubuntu.com/security/CVE-2021-3347
- https://ubuntu.com/security/CVE-2021-3348
- https://ubuntu.com/security/CVE-2021-20239
- https://ubuntu.com/security/notices/USN-4877-1
- https://ubuntu.com/security/notices/USN-4878-1
- https://ubuntu.com/security/notices/USN-4876-1
- https://ubuntu.com/security/notices/USN-4912-1
- https://ubuntu.com/security/notices/USN-4884-1
- https://ubuntu.com/security/notices/USN-4907-1
- https://ubuntu.com/security/notices/USN-4909-1
- https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1020.23
- https://launchpad.net/ubuntu/+source/linux-signed-kvm/5.8.0-1023.25
- https://launchpad.net/ubuntu/+source/linux-signed-oracle/5.8.0-1025.26
- https://launchpad.net/ubuntu/+source/linux-signed-azure/5.8.0-1027.29
- https://launchpad.net/ubuntu/+source/linux-signed-gcp/5.8.0-1027.28
- https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1028.30
- https://launchpad.net/ubuntu/+source/linux-signed/5.8.0-49.55
- https://launchpad.net/ubuntu/+source/linux/5.8.0-49.55
- https://launchpad.net/ubuntu/+source/linux-meta-aws/5.8.0.1028.30
- https://launchpad.net/ubuntu/+source/linux-meta-azure/5.8.0.1027.27
- https://launchpad.net/ubuntu/+source/linux-meta-gcp/5.8.0.1027.27
- https://launchpad.net/ubuntu/+source/linux-meta/5.8.0.49.54
- https://launchpad.net/ubuntu/+source/linux-meta-kvm/5.8.0.1023.25
- https://launchpad.net/ubuntu/+source/linux-meta-oracle/5.8.0.1025.24
- https://launchpad.net/ubuntu/+source/linux-meta-raspi/5.8.0.1020.23
- https://launchpad.net/ubuntu/+source/linux-signed-hwe-5.8/5.8.0-49.55~20.04.1
- https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-49.55~20.04.1
- https://launchpad.net/ubuntu/+source/linux-meta-hwe-5.8/5.8.0.49.55~20.04.33
- https://ubuntu.com/security/notices/USN-4910-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- anchor-related/USN-4877-1
- anchor-related/USN-4878-1
- anchor-related/USN-4876-1
- anchor-related/USN-4912-1
- anchor-related/USN-4884-1
- anchor-related/USN-4907-1
- anchor-related/USN-4909-1
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/title
- agent/weakness
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.10
- version/ubuntu ubuntu/20.04